Using attibutes

Emmanuel BILLOT emmanuel.billot at ac-orleans-tours.fr
Mon May 21 10:59:38 CEST 2012


Le 21/05/2012 10:47, Alan DeKok a écrit :
> Emmanuel BILLOT wrote:
Hi,

Thanks for your answers.
So you mean that NAS (indeed access point for us) have to understand 
attributes. Any RFC that NAS doc may refer to ?

If there isn't any doc or attribut, do you know any way to managed users 
connexions when using EAP protocol ?

Regards,

>> Our WIFI access is managed by EAP-TTLS/EAP-PEAP with radius
>> authentication based on LDAP. So users can connect and use Internet,
>> however is possible to limit access (bandwith, connecting time) with
>> Freeradius ?
>    FreeRADIUS isn't a router.  See your NAS documentation for which
> attributes it needs to do access limitation.  Many NASes CANNOT do such
> limitation.
>
>> In other words, it seems (maybe i'm wrong) that Freeradius can send
>> attribut with values when answering with Access Accept packet. I guess
>> that clients have to understand it for being effective right ?
>    Yes.
>
>> So when using access point with EAP protocol, i guess native EAP client
>> have to be compatibe with an attribut list ?
>    No.  The EAP client is the end user PC.  Only the NAS needs to
> understand RADIUS attributes.
>
>> This behaviour seems to be implemented in captive portal, and attributes
>> can be managed in portal configuration. Is it possible with EAP access
>> (native client or secure w2 like ?)
>    No.  Captive portals are not compatible with EAP.
>
>    Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-- 
Emmanuel BILLOT
CATEL - Dpt. Système et Réseaux
Rectorat - Académie d'Orléans-Tours
10, rue Molière - 45000 Orléans
Tél : 02 38 79 45 57



More information about the Freeradius-Users mailing list